Semicolon attack

M$ IIS webserver is vulnerable to an attack using a semicolon in conjunction with benign extensions to fool it into executing malware.